The father of a 13-year-old girl seriously injured in the Southport attack has expressed outrage after discovering that ambulance staff may have inappropriately accessed her medical records while she was fighting for her life. He has joined calls for a full-scale review by NHS England into the guidance and disciplinary procedures for staff who breach patient data.
Breach of Trust During Critical Care
The girl, identified only as Child 6, was stabbed in the back and arm by Axel Rudakubana while attending a Taylor Swift-themed dance class in July 2024. She survived, but three other girls—Alice da Silva Aguiar, nine, Bebe King, six, and Elsie Dot Stancombe, seven—were killed in the attack. The father stated: “It is a complete breach of trust in our darkest hours as a family and dampens how you feel about the amazing work they do to save lives.”
The family discovered the breach while reviewing documents from University Hospital Liverpool Group about similar incidents at Aintree Hospital. The documents revealed that staff from North West Ambulance Service (NWAS) may have accessed their daughter’s records without cause. The document states: “There are under 10 individuals who may have inappropriately accessed the incident in the ambulance service.” It adds that NWAS are “not formally disciplining” staff but have “strengthened their HR process for future incidents.”
Ongoing Investigations and Calls for Reform
Fletchers Solicitors, representing 22 of the 23 surviving girls, including Child 6, is already investigating a breach by staff at Aintree Hospital. The father said: “It was already incredibly difficult to think that NHS staff at Aintree hospital had needlessly pried into our daughter’s condition, but to then learn that ambulance staff did the same within the first 24 hours, when our daughter was at her most critical state is appalling. They weren’t checking on her condition, they just wanted to satisfy their own morbid curiosity.”
He added: “The Trusts are still unable to tell us with certainty whether photographs of our daughter’s injuries were viewed by staff, so we don’t know what to believe. The decision to share what happened to her should have been our daughter’s to make, now nobody can guarantee what data was shared and retained. They’ve had multiple chances to tell us about this but instead we have been left to discover this when we should be two years into our healing journey.”
Legal and Policy Gaps Highlighted
Nicola Ryan-Donnelly, Associate Solicitor at Fletchers Solicitors, commented: “The recent string of patient data breaches has shown there is a deep-rooted culture of snooping within the NHS. People who are seriously injured or dying should not have the added worry that they are being pried on, as they are rushed into hospital fighting for their lives.” She called for a full review by NHS England of the current policy governing all NHS staff on inappropriate patient data breaches.
Ryan-Donnelly noted that while the Hillsborough Law Bill, set to be approved this week, imposes a legal duty of candour on public bodies like the NHS, patient protections remain “dangerously patchy.” She contrasted the Southport case with the Nottingham attack, where staff who accessed records were dismissed after public outrage. At Aintree Hospital, only five staff received final written warnings for accessing records of a stabbed girl, and delays meant some staff had left before sanctions were applied.
She warned: “In the coming years the Government wants to introduce the Single Patient Record, but in light of recent events, we fear this could open the floodgates to give any NHS worker anywhere access to pry on victims of serious incidents. We need clear assurances that the Government will properly protect patients by introducing robust mechanisms so that only clinicians with a legitimate reason for accessing a patient record can do so.”
Ambulance Service Response
Salman Desai, Chief Executive of North West Ambulance Service, said: “We have identified concerns about potential inappropriate access to patient records and are formally investigating the matter. We will contact families and patients who may have been affected as our enquiries progress. Any inappropriate access to patient information will be treated extremely seriously. We are deeply sorry for the concern and distress this may cause.”



